Версия 10:24, 15 января 2010

Настройка VPN роутреа на cisco 1841=

Данная стстья не притендует на оригинальность, в интеренте полно такой информации. это просто краткие заметки для себя, что б не забыть =)

Есть роутер (2 Fa):

Cisco 1841 (revision 7.0) with 236544K/25600K bytes of memory.
Processor board ID XXXXXXXX
2 FastEthernet interfaces
2 Virtual Private Network (VPN) Modules
DRAM configuration is 64 bits wide with parity disabled.
191K bytes of NVRAM.
62720K bytes of ATA CompactFlash (Read/Write)

Для работы VPN нужно

aaa new-model

Описать радиус-сервер

aaa group server radius MISERY
 server 192.168.1.1 auth-port 1812 acct-port 1813
 ip radius source-interface FastEthernet0/0
 attribute nas-port format e UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
 deadtime 10
!

aaa authentication ppp RADIUS-MISERY group MISERY
aaa authorization network default group MISERY

aaa accounting delay-start
aaa accounting update newinfo periodic 1
aaa accounting network RADIUS-MISERY start-stop group MISERY
aaa accounting system default start-stop group MISERY

vpdn enable vpdn aaa attribute nas-ip-address vpdn-nas vpdn aaa attribute nas-port vpdn-nas vpdn session-limit 5000 !

vpdn-group VPN1
! Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 1
 session-limit 32767
 pptp tunnel echo 0
 pptp flow-control static-rtt 5000
 l2tp tunnel receive-window 1024

Адрес используется в качестве конца тунеля.

interface Loopback0

ip address XX.XX.128.0 255.255.255.255

! interface FastEthernet0/0

ip address 172.16.29.109 255.255.255.248
duplex auto
speed auto

! interface FastEthernet0/1

ip address 172.16.254.1 255.255.255.0
duplex auto
speed auto

! interface Virtual-Template1

description "VPN server"
ip unnumbered Loopback0
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
peer default ip address pool DIAL-IN
ppp mtu adaptive
ppp authentication pap ms-chap-v2 RADIUS-MISERY
ppp accounting RADIUS-MISERY
ppp ipcp dns 193.33.48.33 193.33.19.160
hold-queue 4096 in
hold-queue 4096 out

! ip local pool DIAL-IN 172.16.2.21 172.16.2.25 ip forward-protocol nd ip route 0.0.0.0 0.0.0.0 172.16.29.108 ip route 95.69.128.16 255.255.255.240 Null0 ! ! no ip http server no ip http secure-server ! ! ! ! ! ! radius-server attribute 44 include-in-access-req radius-server attribute 6 on-for-login-auth radius-server attribute 8 include-in-access-req radius-server attribute 32 include-in-access-req radius-server attribute 32 include-in-accounting-req radius-server attribute 55 include-in-acct-req radius-server attribute 55 access-request include radius-server host 192.168.20.1 auth-port 1812 acct-port 1813 key 7 06080E32 radius-server vsa send cisco-nas-port radius-server vsa send accounting radius-server vsa send authentication ! control-plane ! ! ! line con 0 line aux 0 line vty 0 4

exec-timeout 0 0
exec prompt timestamp
history size 256
full-help
transport preferred none
transport input ssh

line vty 5 807

exec-timeout 0 0
exec prompt timestamp
history size 256
full-help
transport preferred none
transport input ssh

! scheduler allocate 20000 1000 ntp clock-period 17180301 end

Cisco-vpn: различия между версиями

Версия 10:24, 15 января 2010

Настройка VPN роутреа на cisco 1841=

Навигация

Действия на странице

Действия на странице

Персональные инструменты

Навигация

Поиск

Инструменты